Proxy ARP

The Proxy ARP methods uses a technique commonly known as transparent subnetting.

While the following information will provide a procedure to create connectivity between your virtual and external networks, you might want to learn more information about transparent subnetting. Here are some useful links:

V4 TCP/IP for AS/400(R): More Cool Things Than Ever Link outside Information Center
This pre-V5R3 redbook provides sample scenarios that demonstrate common solutions with example configurations. It also helps you plan, install, tailor, configure, and troubleshoot TCP/IP on your iSeries™ server.
TCP/IP routing and workload balancing
This topic provides techniques and instructions for routing and workload balancing.

If you choose to use the Proxy ARP method, you must have a firm understanding of subnetting and TCP/IP. You will need to obtain a contiguous block of IP addresses that are routable by your network. You subnet this block of IP addresses and assign one to the virtual TCP/IP interface and one to the TCP/IP connection in your logical partition as described in the following pre-V5R3 figure.


Illustrated example of Proxy ARP.

In this example, a contiguous block of four IP addresses is used, which is 10.1.1.12 - 10.1.1.15. Since it is a block of four IP address, the subnet mask for these addresses is 255.255.255.252. To configure a setup similar to this, use the following instructions:

  1. Obtain a contiguous block of IP addresses that are routable by your network. Since there is only one logical partition, you only need four IP addresses. The fourth segment of the first IP address in the block must be divisible by four. The first and last IP addresses of this block are the Subnet and broadcast IP addresses and are unusable. The second and third IP can be used for a virtual TCP/IP interface and a TCP/IP connection in your logical partition. For this example, the IP address block is 10.1.1.12 - 10.1.1.15 with a subnet mask of 255.255.255.252.

    You also need a single IP address for your external TCP/IP address. This IP addresses does not have to belong to your block of contiguous addresses, but it must be within the same original subnet of addresses as your block. In the example, the external IP address is 10.1.1.5 with a subnet mask of 255.255.255.0.

  2. Create an i5/OS® TCP/IP interface for your server. In this example, you would assign the 10.1.1.5 as an IP address and the subnet mask would be 255.255.255.0.
  3. Create an Ethernet line description for virtual Ethernet. Note the port of the hardware resource, because you will need it when you set up TCP/IP in your logical partition. In the case of the above example, assume the hardware resource is CMN05 with a port of 0 and although arbitrary, the line description name is VETH0. CRTLINETH LIND(VETH0) RSRCNAME(CMN05) LINESPEED(1G) DUPLEX(*FULL)
  4. Add a TCP/IP Interface for your Ethernet line description. Following the example, you could use:

    ADDTCPIFC INTNETADR('10.1.1.13') LIND('VETH0') SUBNETMASK ('255.255.255.252') LCLIFC('10.1.1.5')

    Attention: If the fourth segment of your virtual TCP/IP interface is greater than the fourth segment of your Proxy ARP IP address, then you need to set AUTOSTART to *NO on this interface.

    i5/OS starts its TCP/IP interfaces in numerical order and you must start the proxy ARP interface before you start any virtual TCP/IP interfaces.

  5. Turn on IP datagram forwarding. This allows the i5/OS TCP/IP interfaces to pass IP packets between each other. CHGTCPA IPDTGFWD(*YES)
  6. Start your TCP/IP interfaces. You can use a command like STRTCPIFC INTNETADR(yourIPaddress). For the example, you would issue the commands like:
    • STRTCPIFC INETADDR('10.1.1.5') // starts the external proxy ARP interface
    • STRTCPIFC INETADDR('10.1.1.13') // starts the virtual Ethernet interface
  7. On your logical partition, set up networking using the instructions or tools provided by your Linux distribution. Be sure to use the correct IP address, subnet mask, port, and router IP address.

    During the TCP/IP setup in Linux, you will need to know your net or network device. If you are running a 32-bit kernel version of 2.4.9 or less, the network device is VETH plus the port number from when you configured an Ethernet line description. If you are running a 64-bit kernel or a 32-bit kernel greater than or equal to 2.4.10, the network device is ETH plus the port number. See Create an Ethernet line description for virtual Ethernet for more information. In the example:

    • the interface IP address is 10.1.1.14
    • the subnet mask is 255.255.255.252
    • the gateway IP address is 10.1.1.13
    • the network device is VETH0 or ETH0 depending on the kernel version.
  8. To verify network communications, ping the virtual Ethernet interface and a host on the external network from your logical partition. Then from i5/OS ping the virtual Ethernet interface and the Linux interface.